Scroll to top


A risk-based approach to cyber security and data management

Data & More | NIS2

The NIS2 directive seeks to improve the cyber resilience of public and private entities in seven specific sectors (energy, transport, banking, financial market infrastructures, healthcare, drinking water supply and distribution, and digital infrastructures) and across three digital services (online marketplaces, online search engines and cloud computing services), including suppliers to the above sectors… which pretty much will include all major companies.

The NIS2 Directive requires a risk-based approach to cyber and information security. From a data management and protection perspective (as referred to in article 6 -2, C), this requires the organisation to classify and manage their data effectively, so:

  1. Sensitive data can be adequately identified and managed (moved /encrypted/deleted)
  2. Realtime analytics are available for reporting and incident management
  3. Data can be audited for compliance and reporting

NIS2 emphasise the role of cyber hygiene, which requires cleaning up old data that is no longer needed for operation purposes but still poses a risk to cyber security.

Unfortunately, most of the data that the NIS2 directive covers is stored in data sources like Mail, Sharepoint, Onedrive, Fileshare, and other large repositories.

We will help you identify and manage your critical information

Unmanaged unstructured data introduces a HUGE risk to the organisation because the data usually contains information about the critical infrastructures that NIS2 is intended to protect. Unstructured data could include:

  • Communication between IT personnel about network structures
  • Information about suppliers, customers or employees
  • Personal Sensitive Data about employees or customers
  • Onboarding material to new employees that reveals the security process
  • Initial and temporary passwords and usernames
  • And so much more


The list goes on, but Data & More has created an initial NIS2 framework to help you identify and manage your critical information. We have also developed a discovery model that continuously identifies new critical information that must be identified and managed.

Meet with us

Click the button below if you want to set up a meeting with Data & More to discuss how we can help you improve your cyber resilience and become NIS2 compliant.